Efficient Decentralized Ciphertext-Policy Attribute Based Encryption With Fine-Grained Revocation
First published: 2020-05-19
Abstract: Ciphertext-policy attribute-based encryption (CP-ABE) enables flexible access control for cloud storage. A user can decrypt the data if and only if the user's attributes satisfy the pre-defined access policy embedded in the ciphertext. In particular, decentralized CP-ABE suits distributed systems because it allows more flexible attribute management. Nevertheless, the access policy uploaded to the cloud with the data is explicit, which might lead to privacy leakage. A user can also be traced by his/her unique identifier. Existing works either pay little attention to protecting users' privacy from colluding attribute authorities, or incur vast computational overheads for enhanced security. In this paper, an efficient decentralized CP-ABE with fine-grained revocation is proposed for cloud storage. To improve privacy protection, the user's attributes are hidden in the access policy, and an anonymous key protocol is constructed so that the user's identifier is unknown to the attribute authorities. Meanwhile, complicated tasks such as pairing and exponentiation operations in encryption and decryption are outsourced to the cloud. The proposed scheme is friendly to resource-constrained end users. Although fine-grained attribute revocation used to be complex, our scheme requires only updating part of the user's secret key and re-encrypting part of the ciphertext. Extensive performance analysis shows that the proposed scheme is more efficient and improves privacy, which makes it more feasible for the cloud.
Keywords: information security; cloud computing; attribute-based encryption; privacy preserving; online/offline encryption; outsourced decryption
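Title (translated from the Chinese record): Efficient Distributed Ciphertext-Policy Attribute-Based Encryption Supporting Fine-Grained Revocation
Abstract (translated from the Chinese record): Ciphertext-policy attribute-based encryption provides flexible access control for cloud storage: a user can decrypt the ciphertext if and only if the user's attributes satisfy the access structure in the ciphertext. In particular, distributed ciphertext-policy attribute-based encryption is better suited to distributed systems because it enables flexible attribute management. However, the access structure uploaded to the cloud is presented in plaintext, which may lead to privacy leakage; in addition, a user's privacy can be traced through the user's unique identifier. Most current research pays little attention to protecting user privacy against colluding attribute authorities, or to balancing high overhead against strong security. This paper proposes an efficient distributed ciphertext-policy attribute-based encryption scheme supporting fine-grained revocation for cloud storage. To protect privacy, the attributes in the access structure are first hidden, and an anonymous key issuing protocol is then embedded in the scheme so that the user's identifier is not known to the attribute authorities. Meanwhile, complex computations such as exponentiation and pairing operations are outsourced to the cloud server, so that both encryption and decryption can run on resource-constrained devices. The revocation operation, which is troublesome in other schemes, also seldom arises as a burden in our scheme. Finally, simulation and comparative analysis against other schemes show that the scheme has advantages in efficiency and security and is feasible in the cloud environment.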